Platonides has submitted this change and it was merged.

Change subject: Preserve caller expectations for behaviour of sslVerifyHost
......................................................................


Preserve caller expectations for behaviour of sslVerifyHost

(bug 42441) The previous patch unnecessarily broke backwards
compatibility in the Http::request() API, following cURL's broken
conventions for sslVerifyHost instead of the boolean interpretation
expected by all existing callers. This change reverts that one, and
fixes the bug in another way. See Ia6535f10.

Also don't bother wrapping the $this->sslVerifyHost access with isset()
since it's always set.

Change-Id: Id8d9374d9e9cbda87539ae725b1d3edfc728f449
---
M includes/HttpFunctions.php
1 file changed, 4 insertions(+), 19 deletions(-)

Approvals:
  Platonides: Looks good to me, approved



diff --git a/includes/HttpFunctions.php b/includes/HttpFunctions.php
index 731ab04..8e48da4 100644
--- a/includes/HttpFunctions.php
+++ b/includes/HttpFunctions.php
@@ -45,9 +45,7 @@
         *                          Otherwise it will use $wgHTTPProxy (if set)
         *                          Otherwise it will use the environment 
variable "http_proxy" (if set)
         *    - noProxy             Don't use any proxy at all. Takes 
precedence over proxy value(s).
-        *    - sslVerifyHost       (curl only) Set to 2 to verify hostname 
against certificate
-        *                                  Setting to 1 (or true) will NOT 
verify the host name. It will
-        *                                  only check its existence. Setting 
to 0 (or false) disables entirely.
+        *    - sslVerifyHost       (curl only) Verify hostname against 
certificate
         *    - sslVerifyCert       (curl only) Verify SSL certificate
         *    - caInfo              (curl only) Provide CA information
         *    - maxRedirects        Maximum number of redirects to follow 
(defaults to 5)
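Review bot: The new sslVerifyHost doc line no longer says what type the option takes or what its default is. Since the point of the change is to restore the boolean interpretation, state it in the docblock, for example "(curl only) Verify hostname against certificate (boolean, default true)". A caller who read the previous text and passes 2 then knows the value is treated as a plain truthy flag.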
@@ -187,15 +185,7 @@
        protected $postData = null;
        protected $proxy = null;
        protected $noProxy = false;
-       /**
-        * Parameter passed to Curl that specifies whether
-        * to validate SSL certificates.
-        *
-        * Setting to 0 disables entirely. Setting to 1 checks
-        * the existence of a CN, but doesn't verify it. Setting
-        * to 2 (the default) actually verifies the host.
-        */
-       protected $sslVerifyHost = 2;
+       protected $sslVerifyHost = true;
        protected $sslVerifyCert = true;
        protected $caInfo = null;
        protected $method = "GET";
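Review bot: Dropping the whole docblock above $sslVerifyHost leaves the property with no explanation of how it relates to curl. A short comment saying it is a boolean that is translated to CURLOPT_SSL_VERIFYHOST 2 or 0 when the curl options are built would keep the reason for the translation next to the property and make it less likely that someone changes the default back to an integer.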
@@ -726,13 +716,8 @@
                }
                $this->curlOptions[CURLOPT_USERAGENT] = 
$this->reqHeaders['User-Agent'];
 
-               if ( isset( $this->sslVerifyHost ) ) {
-                       $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = 
$this->sslVerifyHost;
-               }
-
-               if ( isset( $this->sslVerifyCert ) ) {
-                       $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = 
$this->sslVerifyCert;
-               }
+               $this->curlOptions[CURLOPT_SSL_VERIFYHOST] = 
$this->sslVerifyHost ? 2 : 0;
+               $this->curlOptions[CURLOPT_SSL_VERIFYPEER] = 
$this->sslVerifyCert;
 
                if ( $this->caInfo ) {
                        $this->curlOptions[CURLOPT_CAINFO] = $this->caInfo;
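Review bot: The isset() guard is removed for sslVerifyCert as well, but the commit message only justifies this for sslVerifyHost. With the guard, a null sslVerifyCert was skipped and CURLOPT_SSL_VERIFYPEER was left unset; now the null is handed to curl as-is. The property defaults to true, so this only matters if a caller can set it to null, but it would be safer to normalise it the same way as the host check, for example with a (bool) cast, or to mention in the commit message that sslVerifyCert is also always set. The "? 2 : 0" mapping also deserves a one-line comment that 1 is deliberately never passed to curl.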

-- 
To view, visit https://gerrit.wikimedia.org/r/51717
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id8d9374d9e9cbda87539ae725b1d3edfc728f449
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_20
Gerrit-Owner: Tim Starling <[email protected]>
Gerrit-Reviewer: Platonides <[email protected]>
Gerrit-Reviewer: jenkins-bot

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
